When it comes to smart technology investments, few new technologies can match virtualization for drop-dead-obvious ROI. You don't need a degree in accounting to understand that the ability to increase server and storage capacity without having to invest a dime in additional hardware means huge cost savings. Savings not only in terms of hardware costs, but also in the power consumption, heat dissipation and management costs associated with deploying additional hardware. It is the ultimate in server consolidation.
You can see the increasing demand for these benefits in the increase in virtualization-enabled server sales. In three years, the number of servers shipped with virtualization technology has grown from nearly zero to 500,000, according to IDC. With the virtualization-enabled server infrastructure growing in data centers, a new opportunity for further efficiency has emerged - virtual appliances.
The end of the appliance bloat
Over the past few years, across enterprises of all sizes, hardware appliances have become the preferred deployment form factor for specialized IT functions such as messaging security. Physical security appliances provide a number of compelling benefits for enterprises — they are pre-configured, easy to deploy, simple to manage and usually offer a compact form factor.
But the rapid adoption of appliances, particularly for security solutions, has led to "appliance bloat" — racks and racks of multi-colored boxes, each performing a specialized function. As security threats have proliferated and as enterprises have deployed more and more appliances to combat these threats, the ease-of-use and management benefits that make security appliances so popular are at risk of being overwhelmed by the complexity and costs involved with managing a large number of "point solution" appliances.
Initial attempts at solving appliance bloat have focused on collapsing multiple appliance functions onto a single physical appliance. Today's most prominent examples of this would be messaging security appliances, which typically combine anti-spam, anti-virus and outbound content filtering on a single box, and unified threat management (UTM) appliances, which usually combine firewall, IPS and other network security functions. While these multifunction appliances decrease the raw number of appliances required to run applications, their implementation still requires the addition of hardware to the data center.
With virtual appliances, enterprises can simply install "hardware-free appliances" on their existing virtualized server infrastructure. Virtualization technology, such as VMware's, transforms a mix of industry-standard x86 servers and their associated processors, memory, disk and networking components into a pool of "logical" computing resources that can be dynamically allocated to different virtual machines (each of which might be running an entirely different operating system, applications and services).
Many of today's hardware appliances are based on standard x86 server hardware running a customized OS and specialized applications and can, with a small amount of effort on the part of vendors, be transformed into a virtual appliance. Everything about the solution — operating system, application, user interface — is the same as it would be with a physical appliance, except that it requires no dedicated physical infrastructure. The benefits are identical to those realized by traditional server virtualization — reduced hardware costs, management overhead, power consumption, heat generation and space consumption. Additionally, virtual appliances can use the data center's virtualized failover, backup, change management and disaster recovery features, generating further efficiency gains. In addition, new virtual servers can be deployed (for scalability or redundancy purposes) on an as-needed basis at zero incremental cost.
Everybody wins: Enterprises, vendors and resellers
You might think that technology vendors and resellers would loathe the new era of virtualization. After all, there is a huge market for physical appliances and server hardware and virtualization cuts into those profits. However, virtualization actually delivers enormous benefits to every member of the value chain — vendors, resellers and enterprises. Specifically, these include:
- Much easier product evaluations - Think about what you go through every time you evaluate an appliance. Your first interaction with the vendor is with a salesperson, who tries to push you toward an evaluation. If you agree to the evaluation, you then have to wait for the appliance to be shipped to you, often with the support of a field engineer, who helps with the process of installation and setup. This process normally takes weeks and disrupts your work schedule, and then you have to deal with the follow-up of sales personnel. Compare this to the process of evaluating a virtual appliance: you could simply download a trial virtual appliance at the time when you want to evaluate the appliance and begin using it in a matter of minutes without having to interact with the vendor or reseller. Your evaluation is done in the time it would normally take just to have an appliance delivered to you. To you, this is hassle-free efficiency. To the vendors and resellers, this is a shorter sales cycle and a lower cost per sale, since the sale only requires paid human intervention at the very end of the sales process.
- Easier lab environment set-up - If you want to set up a lab environment to test software from multiple vendors, virtual appliances make it extremely easy to set up multiple appliances on a single server for testing purposes. You can try new products and modules, test configuration changes and evaluate different server configurations with great ease. For example, you can take a snapshot of your production environment and run it in a lab environment. Applying patches and performing upgrades can all be performed at low cost in the lab environment on an identical snapshot of your production system. Again, these capabilities will shorten the sales cycle and lower the total cost of sales for virtual appliance vendors.
- Lower capital expenditure - No hardware means lower costs. Virtual appliances can save end users thousands of dollars on initial purchase price, and thousands more by utilizing existing data center failover and disaster recovery resources. As for vendors and resellers, they lose the extra dollars in hardware revenue, but the lower cost of sales keeps margins at an acceptable level, and they stand to gain significant volume benefits from the virtual sales model. Simply put, they can sell a lot more product, much more efficiently.
Virtualization changes the multi-function appliance game
Virtual appliances also have interesting ramifications for the UTM/multifunction appliance market. To date, most UTM appliances have "forced" applications on customers. For example, vendor X may be known as a great firewall company, but when you buy its multifunction UTM box you have no choice but to adopt its other security applications as well, which may be substandard.
With virtual appliances, enterprises can adopt a best-of-breed approach to UTM with incredible deployment flexibility. For example, if your messaging security solution is performing reputation services on IP addresses, you likely want it to share that information with your firewall so the filtering can be performed at an earlier step.
You can also logically cluster best-of-breed appliances and, through advanced virtualization technologies, have them communicate with each other on the same box. This strengthens your overall security posture because you can adopt best-of-breed virtual appliances — as opposed to generic applications on a physical UTM appliance — and have them interact much more efficiently than is possible when they are running as discrete physical appliances. Skeptics will undoubtedly say, "This will cause an unacceptable performance hit if you're running these on commodity server infrastructure." And while that may be true today, Moore's Law will see to it that this is not true in the near future.
While hardware appliances will remain the most popular deployment method for security applications in the near term, it's not a stretch to say that virtual appliances, coupled with commodity hardware, will eventually overtake today's customized, multifunction appliances. This is especially true at enterprises with aggressive virtualization strategies where the significant cost savings, coupled with benefits of using superior best-of-breed technology, will far outweigh any perceived performance advantages of proprietary appliances.
Virtual security appliances are just beginning to appear today. But it will not be long before they enjoy the same adoption rate as traditional server and storage virtualization. Why? Because like virtualized servers and storage, the ROI of virtual security appliances is drop-dead-obvious.
- Sandra Vaughan is senior vice president of products and marketing for Proofpoint.